In one of the first decisions evaluating Telephone Consumer Protection Act (TCPA) claims under the FCC’s recent omnibus TCPA order, the Northern District of California dismissed a putative class action lawsuit alleging that AOL violated the TCPA when users of its Instant Messenger service (AIM) sent text messages to incorrect recipients.  After the court dismissed the plaintiff’s original complaint, the FCC issued an omnibus TCPA order offering guidance on numerous issues, including the types of equipment subject to TCPA restrictions and the statute’s application to social app petitioners for text messages sent using their services.  On September 11, the court dismissed the plaintiff’s amended complaint with prejudice, concluding that the omnibus TCPA order reinforced prior FCC decisions that supported AOL’s arguments for dismissal.  (Covington represents AOL in this case.)  The decision undercuts the dire predictions in some quarters that the recent omnibus TCPA order would in every circumstance expand the scope of liability under the TCPA.

As interpreted by the FCC and courts, the TCPA prohibits the use of an automatic telephone dialing system (ATDS) to call or text a mobile phone for informational purposes without the prior express consent of the recipient.  However, equipment used to make calls or send text messages can only qualify as an ATDS if it operates “without human intervention.”  The plaintiff alleged that he had received instant messages from an AIM user that were intended for someone else as text messages on his mobile phone, as well as a “confirmation text” from AOL after he requested to block future messages from the errant sender.  In dismissing the initial complaint, the court held that the misdirected messages resulted from “human intervention” by the AIM user.  The court also held that existing FCC authority and a “common sense” approach to the TCPA allows for a confirmation text message to be sent in reply to a request for action.

In support of his amended complaint, the plaintiff had argued that the FCC’s omnibus order expanded the ATDS definition to cover any call made or text message sent using equipment with the alleged capacity to operate as an ATDS, even if this “potential” capacity was not used to place the call or send the text message in question.  The court soundly rejected the plaintiff’s sweeping interpretation, noting that the FCC’s omnibus order “does not eliminate the requirement that an autodialer under the TCPA operate without human intervention.”  The court also stated that the FCC’s omnibus order reaffirms that the TCPA permits consumer-friendly confirmation texts.

The amended complaint also alleged that AIM status updates were indicative of the use of an ATDS.  However, the court held that the plaintiff did not have standing to “pursue a TCPA claim based on [AIM] messages that plaintiff did not personally receive.”  The court also pointed out that the new allegations “only relate to users of AIM,” who would have consented to receive such messages.  Finally, the court found that AIM status updates result from the “human intervention” of users logging into or out of the AIM service, or sending the status messages themselves.

The court’s decision provides important clarity on the effect of the FCC’s recent omnibus order for social messaging services.

Tags: Class Action, FCC, Federal Communications Commission, Litigation, mobile apps, TCPA, Telephone Consumer Protection Act
Print:
Email this postTweet this postLike this postShare this post on LinkedIn
Photo of Eric Bosset Eric Bosset

Eric Bosset is a senior counsel whose practice encompasses a broad range of complex litigation matters, with an emphasis on (1) privacy, data security and consumer protection, (2) employment and ERISA, and (3) financial products and services. Eric has extensive experience in class…

Eric Bosset is a senior counsel whose practice encompasses a broad range of complex litigation matters, with an emphasis on (1) privacy, data security and consumer protection, (2) employment and ERISA, and (3) financial products and services. Eric has extensive experience in class actions, MDL proceedings, and other multi-party lawsuits. His trial victories include a jury verdict in an employment class action lawsuit that The National Law Journal ranked among the 25 most notable defense verdicts of the year.

Privacy and Consumer Protection

Eric was named “Most Valuable Player” in Privacy & Consumer Protection by Law360. He has an extensive practice representing Internet service providers, publishers and advertisers in class action litigation involving claims of unauthorized collection and disclosure of personally identifiable information (“PII”). He has successfully represented Microsoft, AOL, CBS, McDonald’s, Mazda, the Indianapolis Colts, and other companies in obtaining the dismissals of putative class action lawsuits that asserted federal law claims under the Electronic Communications Privacy Act (“ECPA”), Computer Fraud and Abuse Act (“CFAA”), and Video Privacy Protection Act (“VPPA”), as well as state law claims under the Illinois Biometric Information Privacy Act (“BIPA”) and for unfair practices, trespass, and invasion of privacy.

Eric also represents companies in connection with matters arising under the Fair Credit Reporting Act (“FCRA”), Fair and Accurate Credit Transaction Act (“FACTA”), Telephone Consumer Protection Act (“TCPA”), and other consumer protection statutes.

Employment and ERISA

Eric has extensive experience defending companies in individual and class action litigation brought under federal and state laws concerning discrimination, retaliation, whistleblowing, wage and hour disputes, and wrongful termination, as well as in class action litigation involving the Employee Retirement Income Security Act (“ERISA”). Eric has the rare distinction of having tried and won a jury verdict in a class action lawsuit alleging “pattern or practice” discrimination on the basis of age in connection with a corporate reduction in force. Bush, et al. v. Deere & Company (C.D. Ill.). He also secured the reversal on appeal of a class certification order in a “stock drop” lawsuit that claimed breaches of fiduciary duty in the administration of a company retirement savings plan. In re Schering Plough Corporation ERISA Litig., 589 F.3d 585 (3d Cir. 2009). Eric also represents clients in EEOC investigations.

Financial and Fintech

Eric’s practice includes the representation of financial and fintech companies on a broad array of civil litigation, arbitration, and regulatory enforcement matters relating to financial products and services, including matters for Wells Fargo Bank, JPMorgan Chase, Synchrony Bank, Envestnet, Yodlee, and MidFirst Bank.

Read more about Eric BossetEmail
Show more Show less
Photo of Caleb Skeath Caleb Skeath

Caleb Skeath helps companies manage their most complex and high‑stakes cybersecurity and data security challenges, combining deep regulatory insight, technical fluency, and practical judgment informed by leading incident response matters.

Caleb Skeath advises in‑house legal and security teams on the full lifecycle of…

Caleb Skeath helps companies manage their most complex and high‑stakes cybersecurity and data security challenges, combining deep regulatory insight, technical fluency, and practical judgment informed by leading incident response matters.

Caleb Skeath advises in‑house legal and security teams on the full lifecycle of cybersecurity and privacy risk—from governance and preparedness through incident response, regulatory engagement, and follow‑on litigation. A Certified Information Systems Security Professional (CISSP), he is trusted by clients across highly regulated and technology‑driven sectors to provide clear, practical guidance at moments when legal judgment, technical understanding, and business realities must be aligned.

Caleb has deep experience leading and overseeing responses to complex cybersecurity incidents, including ransomware, data theft and extortion, business email compromise, advanced persistent threats and state-sponsored threat actors, insider threats, and inadvertent data loss. He regularly helps in‑house counsel structure and manage investigations under attorney‑client privilege; coordinate with internal IT, information security, and executive stakeholders; and engage with forensic firms, crisis communications providers, insurers, and law enforcement. A central focus of his practice is advising on notification obligations and strategy, including the application of U.S. federal and state data breach notification laws and requirements along with contractual notification obligations, and helping companies make defensible, risk‑informed decisions about timing, scope, and messaging.

In addition to his work responding to cybersecurity incidents, Caleb works closely with clients’ legal, technical, and compliance teams on cybersecurity governance, regulatory compliance, and pre‑incident planning. He has extensive experience drafting and reviewing cybersecurity policies, incident response plans, and vendor contract provisions; supervising cybersecurity assessments under privilege; and advising on training and tabletop exercises designed to prepare organizations for real‑world incidents. His work frequently involves translating evolving regulatory expectations into actionable guidance for in‑house counsel, including in highly-regulated sectors such as the financial sector (including compliance with NYDFS cybersecurity regulations, the Computer Security Incident Notification Rule, and GLBA guidelines and guidance) and the pharmaceutical and healthcare sector (including compliance with GxP standards, FDA medical device guidance, and HIPAA).

Caleb’s practice also addresses evolving and emerging areas of cybersecurity and data security law, including advising clients on compliance with the Department of Justice’s Data Security Program, CISA‑related security requirements for restricted transactions, and preparation for new regulatory regimes such as the CCPA cybersecurity audit requirements and federal incident reporting obligations. He regularly counsels clients on how artificial intelligence and connected devices intersect with cybersecurity, privacy, and consumer protection risk, and how to support innovation while managing regulatory exposure.

Caleb also has extensive experience helping clients navigate high-stakes cybersecurity-related inquiries from the Federal Trade Commission, state Attorneys General, and other sector-specific regulators, including incident-specific inquiries as well as broader inquiries related to an entity’s cybersecurity practices and the security of product or service offerings. For companies that have entered into cybersecurity-related settlement agreements with regulators, Caleb has helped guide them through compliance with settlement agreement obligations, including navigating required third-party assessments and strategically responding to cybersecurity incidents that can arise while a company is subject to a settlement agreement. Caleb also routinely works hand-in-hand with colleagues in Covington’s class action litigation, commercial litigation, and insurance recovery practices to prepare for and successfully navigate incident-related disputes that can devolve into litigation.

Read more about Caleb SkeathEmail
Show more Show less